Improper input validation in Cisco Ios
CVE-2016-6380
The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload)…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.017 (82.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Cisco Ios — versions 12.0\(3\)t, 12.0\(3\)t1, 12.0\(3\)t2
- Cisco Ios_xe — versions 3.1.0s, 3.1.0sg, 3.1.1s
- Cisco Ios_xe_3.2ja — versions 3.2.0ja
- Cisco Ios_xe_3.3sg — versions 3.3.0sg, 3.3.1sg, 3.3.2sg
- Cisco Ios_xe_3.3xo — versions 3.3.0xo, 3.3.1xo, 3.3.2xo
- Cisco Ios_xe_3.4sg — versions 3.4.0sg, 3.4.1sg, 3.4.2sg
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 1036914 (vdb-entry, x_refsource_SECTRACK)
- psirt@cisco.com (x_refsource_MISC)
- 20160928 Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 93201 (vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2016-6380?
- CVE-2016-6380 is a high-severity vulnerability in Cisco Ios, classified under Improper Input Validation. CVSS score: 8.1/10. Published 2016-10-05.
- How severe is CVE-2016-6380?
- High severity. CVSS v3 base score is 8.1 out of 10.
- Is CVE-2016-6380 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.